package org.shiki.hrm.filter;

import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Component
public class SmsCodeFilter extends OncePerRequestFilter {

	@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
		// 设置只拦截验证码登录的请求
		String uri = request.getRequestURI();
		if ("/smslogin".equals(uri)){
			// 获取请求参数
			String phone = request.getParameter("phone");
			String code = request.getParameter("code");
			Assert.notNull(code, "验证码不能为空!");
			String smsCode = (String) request.getSession().getAttribute("sms_code:" + phone);
			Assert.isTrue(code.equals(smsCode), "验证码错误!");
		}
		// 放行请求
		filterChain.doFilter(request, response);
	}
}
